At Validio, we understand the importance organizations place on the governance and security of their data, and our platform is designed to protect it. As a data company, we believe strongly in security, as well as transparency and data-backed decision-making.

Validio is designed to ensure a high level of security both across our platform and our internal team. We leverage established standards and protocols to ensure best-in-class security controls.

Compliance

Our Managed solution relies on Google Cloud platform and Amazon Web Services, which means that physical and environmental security is handled by these providers. Both provide an extensive list of compliance and regulatory assurances, including SOC 1/2-3, PCI-DSS, and ISO27001.

For more information, see Validio Trust Center.

ISO 27001 Compliance

Validio follows industry standards and are ISO 27001 certified by an independent auditor.

GDPR Compliance

Validio is compliant with EU General Data Protection Regulation (GDPR) to make sure our processes, procedures, and application adhere to industry security practices.

SOC 2 Type II Compliance

Validio is Service Organization Control Type 2 (SOC 2 Type II) compliant to ensure that third-party services we integrate with adhere to industry security practices.

Sensitive data

We recommend that you protect your sensitive data. Avoid exposing sensitive data and apply methods to increase the security for data at rest, in transit, or during processing. To achieve this, you can use pseudonymization techniques, such as tokenization, hashing, and masking.

External resources

• Google Cloud compliance and their security documentation.
• Amazon compliance and their security documentation.
• Practical Data Security and Privacy for GDPR and CCPA.